<?php 
/**
 *
 * @category    API
 * @package     Api_Contract
 * @subpackage  Model
 * @author      trungpm
 */
class Api_Model_Contract {
    const table_name = 'tblvgt_contract';
    
	function ModifyContract($ContractId, $ContractDetails, $user, $password) {
        $Errors = array();
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
        foreach ($ContractDetails as $key=>$value) {
            $ContractDetails[$key] = DB_escape_string($value);
        }
        $sql = 'UPDATE tblvgt_contract SET ';
		foreach ($ContractDetails as $key => $value) {
			$sql .= $key.'=N\''.str_replace("\'", "''", $value).'\', ';
		}
        $sql = substr($sql, 0, -2).' WHERE contract_id='.$ContractId;
        
        if (sizeof($Errors) == 0) {
            $result = DB_Query($sql, $db);
            if (!isset($result) || !$result) {
                $Errors[0] = DatabaseUpdateFailed;
            } else {
                $Errors = array();
            }
        }
        return $Errors;
    }
	
	/* Insert a new object */
    function InsertContract($ContractDetails, $user, $password) {
        $Errors = array();
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
        foreach ($ContractDetails as $key=>$value) {
            $ContractDetails[$key] = DB_escape_string($value);
        }        
        $FieldNames = '';
        $FieldValues = '';
        foreach ($ContractDetails as $key=>$value) {
            $FieldNames .= $key.', ';
            $FieldValues .= 'N\''.$value.'\', ';
        }		
        $sql = 'INSERT INTO tblvgt_contract ('.substr($FieldNames, 0, -2).') '.'VALUES ('.substr($FieldValues, 0, -2).') ';
		if (sizeof($Errors) == 0) {
            $result = DB_Query($sql, $db);
            if (!$result) {
                return $_SESSION['LastInsertId'];
            }else{
				return null;
			}
        }
        return null;
    }
	
	/* 
	* Insert a new object and return key
	* huudatxm
	*/
    function insert($data, $user, $password) {
        $Errors = array();
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
                
        $FieldNames = '';
        $FieldValues = '';
        foreach ($data as $key=>$value) {
            $FieldNames .= $key.", ";
            $FieldValues .= 'N\''.$value.'\', ';
        }
		$FieldNames .= 'created_date, ';
        $FieldValues .= 'N\''.date('Y-m-d').'\', ';
		$FieldNames .= 'created_by, ';
        $FieldValues .= 'N\''.$_SESSION['UserID'].'\', ';
		$FieldNames .= 'updated_date, ';
        $FieldValues .= 'N\''.date('Y-m-d').'\', ';
		$FieldNames .= 'updated_by, ';
        $FieldValues .= 'N\''.$_SESSION['UserID'].'\', ';
		
        $sql = 'INSERT INTO tblvgt_contract ('.substr($FieldNames, 0, -2).') '.' VALUES ('.substr($FieldValues, 0, -2).') ';
        if (sizeof($Errors) == 0) {
            DB_Query($sql, $db);
            return $_SESSION['LastInsertId'];	
        }
        return 0;
    }
    
	/* 
	 * update	 
     */
    function update($contract_id, $field, $value) {
    	//Check user permission
		$db = db($_SESSION['UserID'],  $_SESSION['Password']);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        };
        $val_str = "$field = N'$value'";
		$val_str .= ', updated_date = N\''.date('Y-m-d').'\' ';        
		$val_str .= ', updated_by = N\''.$_SESSION['UserID'].'\' ';
        		
        $sql = "UPDATE ".self::table_name." SET $val_str";
		$sql .= " WHERE contract_id = $contract_id";
		
        if (sizeof($Errors) == 0) {			
            return DB_Query($sql, $db);          
        }
        return 0;
    }
    
	/* 
	 * Verify field existed.	 
     */
    function verifyFieldExist($field, $value) {
    	//Check user permission
		$db = db($_SESSION['UserID'],  $_SESSION['Password']);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        };
        $Searchsql = "SELECT count(*) as c FROM ".self::table_name." WHERE $field = N'$value'";
        $SearchResult = DB_query($Searchsql, $db);
        $answer = DB_fetch_array($SearchResult);
        if ($answer['c'] != 0) {
            return 1;
        };
        return 0;
    }
	
}